4 Reasons Why Ransomware Attacks Should Be Reported
Becoming subjected to ransomware attacks not only results in huge monetary losses but also the loss of reputation for various enterprises. On top of that, they may be slapped with lawsuits from their clients as well as by various security-related regulatory bodies which govern the cybersecurity world. Therefore, predictably, many enterprises choose to refrain from making it publicly known that they’ve been affected by a ransomware attack, and instead, choose to settle things the ‘non-legal’ way – by paying up the ransom. Now the question is: Is this the right way to tackle a ransomware attack? Certainly not.
It’s not just about coming clean about the flaws existing in an enterprise’s security system and announcing to the clients they are truly sorry for what happened. It’s also about taking into consideration the consequences which might befall them because they chose to keep the ransomware attack under the blanket. Because, more often than not, coming clean is a way better option than staying silent when it comes to ransomware attacks.
Let’s take a look at 4 reasons for why it’s better for enterprises to report a ransomware attack publicly than keeping it under the wraps.
1. Renowned Experts Will Scrutinize The Security Breach: Of course, you can carry out a private investigation with your own team of security experts – hired or in-house – but remember that they won’t be your harshest critics. Because at the end of the day you are employing them. Therefore to get an unbiased opinion there’s no other way but to seek out a third party opinion (world’s cybersecurity community).
2. To Comply With Rules Laid Down By Various Security Bodies: Most of the security-related regulatory bodies make it mandatory for enterprises to come out clean with the ransomware attacks they may be subjected to. And if they don’t, they’ll be confronted with liabilities of different types. Despite all this, unfortunately, many enterprises choose to keep these security attacks under wraps.
3. To Find Out If There’s More Than That Meets The Eye: Not often do things come to an end once enterprises pay up the ransom. What if the ransomware attackers still continue to spy on you? To give an example, Peachtree’s Neurological Clinic’s forensic team, in July, found a 15-month security breach during an investigation on some separate ransomware attack. Had it paid the ransom or decrypted the files and moved on – they may never have detected the unknown hack!
4. To Find Out How Much Information Hackers May Have: The general perception among various enterprises when it comes to ransomware attacks is that the hackers can’t or won’t have access to sensitive information – they just gain the capability to simply encrypt them. Nothing could be further from the truth. If hackers have the capability to lock sensitive data, then why wouldn’t they be able to access it in the first place? Therefore the next question which arises is: if they can access information, then how much do they know?
This is what Steven Gravely, partner with Troutman Sanders, has to say on this issue, “In many instances, the attacker retains the data and sells it on the black market even if the ransom is paid and access to the target system is restored”. Therefore to understand how much hackers know and what they can do with that data, and how you can get that back, you need to come clean with the ransomware attack in the first place.
Conclusion: Being subjected to a ransomware attack – or any form of cyberattack for that matter – can be quite embarrassing. No doubt about that. Nobody likes to admit they have chinks in their security armor. But, like mentioned before, the cost of coming clean is often lesser than keeping things under wraps when it comes to ransomware attacks.
We’d like to end with a quote from CynergisTek CEO Mac McMillan, with regards to announcing ransomware attacks publicly, which says “Everyone can have an incident, and everyone gets that. The difference is a smart organization has the right response, informs those who need to be informed and does what needs to be done. They fare much better with the people they serve, regulators — the whole nine yards”.
Kevin Jones720 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.